From: | "Stephan Borg" <wolff_borg(at)yahoo(dot)com(dot)au> |
---|---|
To: | "'Vince Vielhaber'" <vev(at)michvhf(dot)com> |
Cc: | <pgsql-php(at)postgresql(dot)org> |
Subject: | Re: WWW-Authentication and Postgresql |
Date: | 2001-12-27 03:00:53 |
Message-ID: | 001801c18e82$ba9dc900$1400a8c0@p1g |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-php |
I have found the mod_auth_pgsql module to be the easiest way to
implement this function. Does anyone know if it takes the points
mentioned below into consideration?
Stephan
-----Original Message-----
From: Vince Vielhaber [mailto:vev(at)michvhf(dot)com]
Sent: Wednesday, 26 December 2001 2:25 PM
To: Andrew McMillan
Cc: Stephan Borg; pgsql-php(at)postgresql(dot)org
Subject: Re: [PHP] WWW-Authentication and Postgresql
<snip>
A couple of quick gotchas. 1) make sure you filter out all unwanted
characters so someone can't execute sql calls inside of a username or
password. 2) On failure make sure you send a 401 to the browser just
like you do initially when asking for the password to clear out the old
one - you can also use this to handle logouts.
Vince.
--
========================================================================
==
Vince Vielhaber -- KA8CSH email: vev(at)michvhf(dot)com
http://www.pop4.net
56K Nationwide Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
========================================================================
==
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew McMillan | 2001-12-27 08:54:11 | Re: WWW-Authentication and Postgresql |
Previous Message | Vince Vielhaber | 2001-12-26 03:24:30 | Re: WWW-Authentication and Postgresql |